31.6 million healthcare breached records can’t be right? But it is, and it’s double all of 2018. Protenus’ Breach Barometer for the first six months of the year tallied over double the number of patient records breached calculated for 2018 (15.1 million). The number of breach incidents reported was smaller–285 breach incidents disclosed to the US Department of Health and Human Services or the media–compared to 503 breaches in 2018, which means that individual data breaches affected far more records.
Hackermania is running wilder than ever. Nearly half the breaches were due to hacking. The big kahuna of breaches this year was reported in May at American Medical Collection Agency, a third-party billing collections firm. This eight-month breach affected 20 to 22 million records at Quest Diagnostics, LabCorp, Opko Health, under one of its subsidiaries, BioReference Laboratories, Inc., and Clinical Pathology Laboratories [TTA 5 June] This hack also involved Optum360, a Quest contractor and part of healthcare giant Optum. In terms of PII, the records breached included SSI, DOB, and physical addresses.
Yet insider breaches are still a significant threat at 21 percent, whether from errors without malicious intent or deliberate wrongdoing. In the report, Protenus (with DataBreaches.net) calculated that 60 of the 285 breaches were insider-related affecting 3.5 million records. 35 were insider-error incidents, with 22 additional due to wrongdoing.
When it comes to breaches, the trend is easily not healthcare organizations’ friend, as 2018 tripled 2017’s total breached records. This is despite the new emphasis on healthcare IT security and insider training. Protenus release, FierceHealthcare, Protenus first half report (PDF)